Fix subject
type: security
subject: Updated plexus-archiver package fixes security vulnerability
CVE:
 - CVE-2012-2098
src:
  3:
   core:
     - plexus-archiver-2.3-1.1.mga3
description: |
  Algorithmic complexity vulnerability in the sorting algorithms in bzip2
  compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress
  before 1.4.1 allows remote attackers to cause a denial of service (CPU
  consumption) via a file with many repeating inputs (CVE-2012-2098).

  plexus-archiver used an embedded copy of the affected code from Apache
  Commons Compress, and therefore was affected by this. It has been patched
  to use the apache-commons-compress package, in which this issue has already
  been fixed, for bzip2 compression and decompression.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=6331
 - https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
 - https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html
ID: MGASA-2014-0056